Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
If you are at all interested in how the Internet's Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from the presentations and discussion. What makes these meetings unique in the context of DNS is the way it combines operations and research, bringing together researchers, builders and maintainers of DNS software systems, and operators of DNS infrastructure services into a single room and a broad and insightful conversation. more
In those circles where Internet prognostications abound and policy makers flock to hear grand visions of the future, we often hear about the boundless future represented by "The Internet of Things". This phrase encompasses some decades of the computing industry's transition from computers as esoteric piece of engineering affordable only by nations, to mainframes, desktops, laptops, handhelds, and now wrist computers. Where next? more
The movement for upping the minimum wage in the US is gathering momentum. Protests and placard waving are on the increase, and the quest for $15 per hour is well underway. There are plenty of arguments as to why such a hike in minimum wage is necessary, and what the consequences could be to those businesses dependent upon the cheapest hourly labor. But, for the information security industry, upping the minimum wage will likely yield only good news. more
As security breaches increasingly make headlines, thousands of Internet security companies are chasing tens of billions of dollars in potential revenue. While we, the authors, are employees of Internet security companies and are happy for the opportunity to sell more products and services, we are alarmed at the kind of subversive untruths that vendor "spin doctors" are using to draw well-intentioned customers to their doors. Constructive criticism is sometimes necessarily harsh, and some might find the following just that, harsh. But we think it's important that organizations take a "buyers beware" approach to securing their business. more
Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more. more
Lastly, and certainly not the least, part four of my security predictions takes a deeper dive into mobile threats and what companies and consumer can do to protect themselves. If there is one particular threat category that has been repeatedly singled out for the next great wave of threats, it has to be the mobile platform -- in particular, smartphones... The general consensus of prediction was that we're (once again) on the cusp of a pandemic threat. more
A number of security predictions have been doing the rounds over the last few weeks, so I decided to put pen to paper and write a list of my own. However, I have a quite a few predictions so I have listed them over several blog posts. After all, I didn't want to bombard you with too much information in one go! Part three examines the threats associated with data breaches. more
The White House has announced a new proposal to fix cybersecurity. Unfortunately, the positive effects will be minor at best; the real issue is not addressed. This is a serious missed opportunity by the Obama adminstration; it will expend a lot of political capital, to no real effect... The proposals focus on two things: improvements to the Computer Fraud and Abuse Act and provisions intended to encourage information sharing. At most, these will help at the margins; they'll do little to fix the underlying problems. more
As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it. more
The latest Anti-Phishing Working Group (APWG) Global Phishing Survey, which analyzed over 100,000 phishing attacks in the first half of 2014, examines the progress that top level domains (TLDs) are making in responding to phishing attacks that use their TLDs. The report finds the .INFO domain has the lowest average phishing uptimes as compared to other TLDs, such as .COM and .NET. more
Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more
After the botched burglary at the Watergate Apartments, every scam and scandal that hit the headlines became a 'gate' -- Irangate, Contragate, you name it. The Heartbleed bug is possibly the closest thing to Watergate that this generation of computer security had seen till the past few days -- an exploit in a component that is "just there" -- something you utterly rely on to be there and perform its duties, and give very little thought to how secure (or rather, insecure) it might be. So, fittingly, every such catastrophic bug in an ubiquitous component is now a 'bleed'. more
It has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we've ever observed and mitigated -- an attack over 300 Gbps against one of our Media and Entertainment customers. more
Until now, the criminals behind malware and phishing have had only 22 generic top-level domain names (TLDs) to abuse -- names like .com, .net or .org. But with hundreds of new TLDs entering the marketplace, e.g. .buzz, .email, and .shop, there are many more targets than ever... What can attackers do with domain names? more
In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more
A World-Renowned Source for Internet Developments. Serving Since 2002.